Can digital signatures assist in cybersecurity efforts?
BY Devin Partida
Remote work has changed how teams operate. With roughly 41% of American employees working remotely, businesses have had to replace many standard operations with more flexible digital alternatives. Cybersecurity measures have likewise become more flexible.
User authentication is simultaneously more crucial and challenging in a remote cloud environment than the centralised workplaces of the past. Cybersecurity teams need flexible, scalable solutions to verify users are who they say. Digital signatures are an ideal solution.
Even in a traditional workplace, digital signatures can help improve cybersecurity efforts. Here’s a closer look at how.
Digital vs. electronic signatures
Before going any further, it’s important to understand what the phrase “digital signatures” refers to here. Many sources use the terms digital signatures and electronic signatures interchangeably, but that’s not entirely accurate. Electronic and digital signatures are like rectangles and squares in that all digital signatures are electronic, but not all electronic signatures are digital.
An electronic or e-signature represents a party’s legal acceptance of an agreement. They include some method for verifying the signer’s identity and provide a record for each step of the process called an audit trail. This reveals any tampering that might have happened, ensuring the signing was valid and secure.
Digital signatures are a specific type of e-signature that offers additional security. They use cryptography to protect the process, and most use multifactor authentication (MFA) to verify signers’ identities.
Standard electronic signatures lack features like MFA and digital certificates, making them less secure. Consequently, any cybersecurity effort implementing e-signatures should prefer digital signatures.
Types of digital signatures
It’s important to note that digital signatures also fall into more specific categories. Digital signature certificates (DSCs) can be divided into three distinct classes based on their security and appropriate applications.
Class 1 DSCs don’t use MFA to verify signers’ identities, using only an email and username. As such, they see use in lower-risk applications but aren’t suitable for legal documents or more sensitive data.
Class 2 DSCs verify users’ identities by comparing them to a preverified database. Since this offers more security, they’re sufficient for moderate-risk applications like e-filing tax documents, perhaps their most common use case.
Class 3 DSCs are the most secure but least convenient. That’s because they require an authority to be present to verify the signer’s identity in person. These are relatively rare, often only seen in high-risk legal environments, and don’t work for remote workforces. However, they’re highly secure.
More than just document signing
Digital signatures most often appear as a substitute for physical signatures for legal documents. However, while that may be their most common use case, it’s far from the only one. DSCs can verify virtually any type of digital communication, with some signature solutions supporting 1,500 or more integrations with other apps.
The most familiar application of DSCs outside of document signing is cryptocurrency. Blockchains use digital signatures to protect crypto transactions, ensuring that only the rightful owner can authorise a deal with their tokens. As long as users protect their private keys, DSCs ensure no one can move around their crypto in their name.
This same principle applies to most blockchain transactions, whether they involve cryptocurrency or not. It also highlights the value of digital signatures in cybersecurity efforts. If these tools are sufficient for something as secure as the blockchain, it has substantial security potential.
Verification through hashing
The first quality of DSCs that makes them a helpful cybersecurity tool is how they use hashing for verification. Hashing substitutes data for a hash code, a fixed-length, unique identifier. This hash value will change with the slightest change to the original file, down to even a single byte, and no two codes are the same.
Since every hash value is unique and will track any changes to the file, hashing is an excellent verification tool. If anything happens to the data between two points, users can tell by comparing its hash value to the original file. Any modification, whether it’s from a hacker or software error, will be visible.
This level of visibility is critical for remote workforces. When employees can’t be physically present to work together, they need proof that what they receive actually came from their co-workers. DSC’s use of hashing to verify transaction authenticity and provide a history of edits offers that proof.
Tighter authentication methods
Digital signatures further improve security by offering tighter authentication controls than standard e-signatures. While passwords are still by far the most common way to verify users’ identities, they’re insufficient for most security processes. According to the 2021 Verizon Data Breach Investigations Report, 61% of all breaches involved credentials.
Anything where verification is a concern must use something stronger than a simple username and password to authenticate user identities. Passwords are too susceptible to error, brute force attacks and credential stuffing. Since many Class 2 DSC solutions use MFA to verify signers, they offer more protection.
An oft-cited quote from Microsoft’s Alex Wienert holds that MFA makes accounts 99.9% less likely to be compromised. That level of security in authentication combined with the transparency of hashing offers far more peace of mind in remote applications than other methods. Employing DSCs makes compromising remote communication highly unlikely.
Digital signatures offer some indirect security benefits, too. Compared to physical signatures, DSCs are far more efficient. Considering the extra work that comes with remote document signing, like scanning or faxing signed documents, DSCs’ comparative efficiency is even higher in these applications.
Vermont reduced contract approval times by 75% when it switched to digital signatures in government documentation. Time savings of that magnitude can have a considerable impact on cybersecurity efforts. IT teams often have remarkably busy schedules, and greater efficiency lets them focus on emerging threats more carefully.
Cybersecurity teams need more time to account for staffing shortages. The Department of Homeland Security alone needs 1,700 more workers to meet the threats it faces sufficiently. Security teams can focus more on critical jobs by saving time on non value-adding tasks with DSCs, mitigating the labor shortage.
Similarly, implementing digital signatures can save money, which many IT security teams also need. About 62% of surveyed organisations plan to tighten their IT budgets in response to Covid-19-related losses. At the same time, cyber threats are rising, often requiring increased spending to address.
Digital signatures can save businesses a considerable amount of money, allowing for increased security spending. For example, the Bank of Montreal estimates it can save $ 100 million in paper costs alone by switching to digital signatures. That level of savings would likely make organisations more comfortable spending more on cybersecurity.
With more money, cybersecurity teams could adopt newer technologies like automated monitoring solutions. The costs of strategies like moving to zero-trust architecture wouldn’t be as impactful in light of these savings.
Digital signatures should be a part of every cybersecurity effort
Digital signatures have impressive potential for cybersecurity efforts, especially in remote workforces. As the need for remote user verification and secure communication rises, DSCs provide an ideal solution.
DSCs’ security, efficiency and time savings are hard to ignore. As IT security teams face increasing challenges along all these fronts, the benefits of digital signatures become clearer. Any security effort should at least consider how these processes could improve their workflows.